Managed TLS

When an Endpoint requires a Certificate to perform SSL / TLS termination on your behalf, you can opt to let Enclave provision and renew certificates for you (alternatively, you can provide your own with a Custom Certificate).

To do so, simply enable Managed HTTPS when creating your Endpoint. You’ll need to provide Enclave with the Custom Domain name you intend to use so Enclave knows what certificate to provision.

Managed HTTPS Validation Records

Managed HTTPS uses Let’s Encrypt under the hood. There are two mechanisms Enclave can use to authorize your domain with Let’s Encrypt and provision certificates on your behalf: http-01 and dns-01, both described below.

For either of these to work, you’ll need to create some CNAMEs in the DNS provider you use for your Custom Domain. The CNAMEs you need to create are listed in the Dashboard.

http-01

Note

http-01 verification only works for Endpoints with External Placement that do not use IP Filtering.

HTTP verification relies on Let’s Encrypt sending an HTTP request to your app and receiving a specific response (presenting that response is handled by Enclave).

For this to work, you must have set up a CNAME from your Custom Domain to the Endpoint Hostname provided by Enclave.

dns-01

Note

Unlike http-01 verification, dns-01 verification works with all Endpoints.

DNS verification relies on Let’s Encrypt checking for the existence of a DNS TXT record with specific contents under your domain.

For this to work, you must have created a CNAME from _acme-challenge.$DOMAIN (where $DOMAIN is your Custom Domain) to an Enclave-provided validation name. This name is provided in the Dashboard (it’s the acme subdomain of the Endpoint Hostname).
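
As an added example (not Enclave's own code), the following pre-flight check applies the rules above to a set of CNAME records and reports which verification methods can succeed for an Endpoint. The hostnames, the `SAMPLE_CNAMES` records and the function names are constructed for illustration; in practice the records would come from your DNS provider or from `dig +short CNAME <name>`.

```python
# Added example: pre-flight check of the CNAMEs Managed HTTPS depends on.
# All hostnames and records below are constructed sample data.

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def follow_cnames(name, cnames, max_hops=8):
    """Follow a CNAME chain through `cnames` (normalized keys); stop on loops."""
    name, seen = norm(name), set()
    while name in cnames and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = norm(cnames[name])
    return name

def usable_methods(domain, endpoint_hostname, cnames, external, ip_filtering):
    """Return {method: (ok, reason)} for http-01 and dns-01."""
    cnames = {norm(k): v for k, v in cnames.items()}
    endpoint = norm(endpoint_hostname)
    results = {}
    # http-01: needs External Placement, no IP Filtering, and a CNAME
    # from the Custom Domain to the Endpoint Hostname.
    if not external:
        results["http-01"] = (False, "Endpoint does not use External Placement")
    elif ip_filtering:
        results["http-01"] = (False, "IP Filtering is enabled")
    elif follow_cnames(domain, cnames) != endpoint:
        results["http-01"] = (False, "no CNAME from %s to %s" % (norm(domain), endpoint))
    else:
        results["http-01"] = (True, "ok")
    # dns-01: works with all Endpoints, but needs a CNAME from
    # _acme-challenge.$DOMAIN to the acme subdomain of the Endpoint Hostname.
    challenge = "_acme-challenge." + norm(domain)
    target = "acme." + endpoint
    if follow_cnames(challenge, cnames) == target:
        results["dns-01"] = (True, "ok")
    else:
        results["dns-01"] = (False, "no CNAME from %s to %s" % (challenge, target))
    return results

# Constructed sample zone data (mixed case and trailing dots on purpose).
SAMPLE_ENDPOINT = "elb-sample-1234.endpoints.example.net"
SAMPLE_CNAMES = {
    "app.example.com.": "elb-sample-1234.endpoints.example.net.",
    "_acme-challenge.App.Example.com": "acme.elb-sample-1234.endpoints.example.net",
}

if __name__ == "__main__":
    for method, (ok, reason) in usable_methods(
            "app.example.com", SAMPLE_ENDPOINT, SAMPLE_CNAMES,
            external=False, ip_filtering=False).items():
        print(method, "OK" if ok else "FAIL", reason)
```

If both methods report a failure, Let’s Encrypt has no way to authorize the domain, so check the CNAMEs listed in the Dashboard against what your DNS provider actually serves.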